Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

As the United States reels from the upheaval caused by Elon Musk’s so-called Department of Government Efficiency (DOGE), hackers from countries the US considers hostile continue to wreak havoc from afar.

New research shows that China’s Salt Typhoon hacking group has expanded its targets list to include universities around the world and at least two more telecoms operating in the US. That brings the total number of US telecommunications networks breached by Salt Typhoon to at least 11.

Russia’s notorious Sandworm hacking unit may be best known for its attacks on Ukraine, including multiple blackouts caused by its cyberattacks and its release of the destructive NotPetya malware. However, a hacking group within Sandworm is now taking aim at targets in Western nations, including Australia, Canada, the UK, and the US, according to research released this week by Microsoft. The group, which Microsoft calls BadPilot, is known as an “initial access operation,” breaching targets for the purpose of handing over access to those systems to other Sandworm hackers.

Meanwhile, we dug into the slimy world of romance scammers who are making ill-gotten fortunes by capitalizing on the loneliness epidemic, and we dipped into the opaqueness of online advertising data that could pose a threat to US national security. Finally, we found that US funding cuts under the new Trump administration are hurting the organizations protecting children from exploitation, abuse, and human trafficking.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**The Official DOGE Website Launch Was a Security Mess**

Elon Musk’s DOGE finally started publishing some information about its activities on its threadbare website this week. But it wasn’t the only entity publishing on the site.

Two web developers, working independently, found that it is possible to push updates to the DOGE.gov domain, which claims to be an official US government website. The website uses a database that can be edited by anyone online, the experts told 404Media. To demonstrate the insecurity, they left a couple of messages on the DOGE site: “This is a joke of a .gov site,” one read, while the other says: “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN.”

The messages stayed on the website for at least 12 hours and remained visible for some time on Friday. The DOGE website was launched in January and until this week was a single landing page containing very little information. The web experts who discovered the vulnerabilities told 404Media that the website appeared to have been “slapped together.”

The website only started being populated this week—with some figures purporting to show the size of the US government—after Musk promised his organization would be “maximally transparent.” That transparency may have gone a step too far, however, with HuffPost reporting on Friday that the site included classified material.

As well as being insecure, the DOGE website heavily leans on X, the social media platform owned by Musk. DOGE’s homepage is a feed of its own X posts, but it also uses code that directs search engines to X.com instead of DOGE.gov, a WIRED review of the site found. “This isn't usually how things are handled, and it indicates that the X account is taking priority over the actual website itself,” one developer told WIRED.

**RedNote Security Flaws Come Into Focus**

Chinese TikTok alternative RedNote gained around 700,000 US users and courted American influencers when the ban on TikTok loomed in January. While many of those people may have only used RedNote for a few days, a new analysis from the University of Toronto’s Citizen Lab has highlighted how a lack of encryption could have opened up US users to “surveillance by any government or ISP \[Internet Service Provider\], and not just the Chinese government.”

The analysis of RedNote found a host of network security issues in both its Android and iOS apps. RedNote fetched images and videos using HTTP connections, not the industry standard and encrypted HTTPS; some versions of the app contained a vulnerability that allows an attacker to have “read” permissions on a phone; and it “transmitted insufficiently encrypted device metadata.” The flaws were contained in RedNote’s app and several third-party software libraries that it uses. Citizen Lab reported the issues to the companies starting in November 2024 but has not heard back from any of them.

The security researchers say that the vulnerabilities could risk surveillance for all users, including those in China. “As the Chinese government might already have mechanisms to lawfully obtain detailed data from RedNote about their users, the issues that we found also make Chinese users especially vulnerable to surveillance by non-Chinese governments,” the research says.

It underscores that within China even widely used apps may not meet the same security standards as those developed outside the country. “Applications that are popular in China often use no encryption, proprietary encryption protocols, or use TLS without certificate validation to encrypt sensitive data,” the analysis says.

**Military Spy Planes Increase Surveillance Flights at US-Mexico Border**

Over the last two weeks, US spy planes have flown at least 18 missions around the Mexico border, analysis from CNN has shown. The flights mark a “dramatic escalation in activity,” the publication reports, and come as the Trump administration has designated drug cartels as terrorist organizations and has turned the nation’s security apparatus toward deporting millions of migrants. According to CNN, various military planes, including Navy P-8s and a U-2 spy plane, were used in the operations and are capable of collecting both imagery and signals intelligence. Also this week, US Immigration and Customs Enforcement has advertised new contracts that would allow it to monitor “negative” social media posts that people make about it.

**Backlash Mounts Against UK’s Secret Apple Encryption Order**

Last month, the UK government hit Apple with a secret order demanding the company create a way to access data stored in encrypted iCloud backups. The order, called a Technical Capability Notice and issued under the UK’s controversial 2016 surveillance law, was first reported by The Washington Post last week. Since then, there’s been a growing backlash against the demands from the UK government, with many highlighting how a change would impact the security of millions around the world.

US senator Ron Wyden and representative Andy Biggs have sent a letter to Tulsi Gabbard, the new director of national intelligence, saying the order undermines trust between the US and UK. “If the UK does not immediately reverse this dangerous effort, we urge you to reevaluate US-UK cybersecurity arrangements and programs as well as US intelligence sharing with the UK,” the pair said, drawing comparisons to the Chinese-linked Salt Typhoon hacks of US telecom firms that utilized a surveillance “backdoor.” Since details of the order emerged, Human Rights Watch has called it an “alarming overreach,” while 109 civil society organizations, companies, and other groups signed an open letter saying the “demand jeopardizes the security and privacy of millions.”

The Official DOGE Website Launch Was a Security Mess

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords,…

Massive 1.17 TB data leak exposes billions of records from a Chinese IoT grow light company. Wi-Fi passwords, IP addresses, and device IDs are among the exposed data. Learn more.

A large, unprotected database belonging to Mars Hydro, a company specializing in IoT grow lights (Internet of Things Grow Lights) and agricultural software, was discovered by cybersecurity researcher Jeremiah Fowler.

The database, containing a whopping 2.7 billion records totalling 1.17 terabytes, exposed a treasure trove of sensitive information, including Wi-Fi network names (SSIDs), passwords, IP addresses, device IDs, email addresses, and more.  

According to Fowler’s blog post for vpnMentor which the company shared with Hackread.com ahead of publishing on Wednesday 12th February 2025, within the database, folders labelled for logging, monitoring, and error records of IoT devices worldwide were found. 

Sample analysis revealed over 100 million records across 13 folders, containing not only Wi-Fi network names but also their corresponding passwords, along with IP addresses and unique device identifiers.  Interestingly, the data also seemed to link to the control devices, such as smartphones, used to manage these IoT products, revealing information about operating systems (e.g. iOS and Android).

Further investigation linked the database to LG-LED SOLUTIONS LIMITED, a California-registered company.  API details and URLs associated with LG-LED SOLUTIONS, Mars Hydro, and Spider Farmer- all involved in the manufacturing and sale of agricultural grow lights, fans, and cooling systems- were also present in the exposed data.  Numerous records were specifically labelled as “Mars-pro-iot-error” or “SF-iot-error,” suggesting a connection to these specific product lines.  

Fowler also found error logs containing potentially sensitive information, including tokens, application versions, device types, and IP addresses, in addition to the Wi-Fi credentials. 

Following the discovery, Fowler promptly notified LG-LED SOLUTIONS and Mars Hydro, leading to the database being secured within hours. Mars Hydro, identified as a Shenzhen, China-based LED grow light manufacturer with warehouses in the UK, US, and Australia, confirmed to Fowler that the Mars Pro app is their official product. 

Nevertheless, questions remain regarding the database’s ownership, management, and the duration of its exposure. It is unclear if the database was managed directly by LG-LED SOLUTIONS or a third-party contractor. A thorough forensic audit would be required to determine the extent of any unauthorized access, Fowler noted in the blog post.

The Mars Pro app and connected devices have been exposing vast amounts of information. Such lapses can lead to misuse, like surveillance, man-in-the-middle attacks, and manipulation. The recently reported Matrix hacker group is a prime example of the ongoing exploitation of exposed IoT devices for DDoS botnets.

Additionally, studies indicate that a significant percentage of IoT devices (57%) are highly vulnerable, with a majority of transmitted data (983%) being unencrypted. To mitigate these risks, IoT device makers and app developers must prioritize data protection, avoid plain text logging, use encryption, secure internal cloud storage, and conduct regular security audits and penetration testing.

.

Massive 1.17TB Data Leak Exposes Billions of IoT Grow Light Records

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for

Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

Apple has released an out-of-band security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.”

Apple has released an emergency security update for a vulnerability which it says may have been exploited in an “extremely sophisticated attack against specific targeted individuals.”

The update is available for:

*   iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
*   iPadOS 17.7.5 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to **Settings** (or **System Settings**) > **General** \> **Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Update now

**Technical details**

The new-found zero-day vulnerability is tracked as CVE-2025-24200. When exploited, the vulnerability would allow an attacker to disable USB Restricted Mode on a locked device. The attack would require physical access to your device

The introduction of USB Restricted Mode feature came with iOS 11.4.1 in July 2018. The feature was designed to make it more difficult for attackers to unlock your iPhone. When USB Restricted Mode is active, your device’s Lightning port (where you plug in the charging cable) will only allow charging after the device has been locked for more than an hour. This means that if someone tries to connect your locked iPhone to a computer or other device to access its data, they won’t be able to do so unless they have your passcode.

To enhance data security, especially when traveling or in public places, it is recommended that you enable USB Restricted Mode in your device settings. If your iPhone, iPad or iPod Touch is running iOS 11.4.1 or later, USB Restricted Mode is automatically on by default, but if you want to check and enable USB Restricted Mode, this can be done by going to **Settings** > **Face ID & Passcode** or **Touch ID & Passcode** > **(USB) Accessories** and toggling off (grey) the **(USB) Accessories** option. Enabling this setting adds an extra layer of protection against unauthorized data access.

Accessories are safe now

Please note: toggling the option to green turns this feature off.

Vulnerabilities like these typically target specific individuals as deployed by commercial spyware vendors like Pegasus and Paragon. This means the average user does not need to fear attacks as long as the details are not published. But once they are, other cybercriminals will try to copy them.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple fixes zero-day vulnerability used in &#8220;extremely sophisticated attack&#8221; 

Android phishing apps are the latest, critical threat for Android users, putting their passwords in danger of new, sneaky tricks of theft.

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox.

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called “multifactor authentication,” by prying into basic text messages sent to a device. Another 4,800 could even read information from an Android device’s “Notifications” bar to obtain the same info.

These “Android phishing apps” may sound high-tech, but they are not. They don’t crack into password managers or spy on passwords entered for separate apps. Instead, they present a modern wrapper on a classic form of theft: Phishing.

By disguising themselves as legitimate apps—including for services like TikTok, Spotify, and WhatsApp—Android phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal.

The volume of these apps and their capabilities underscore the importance of securing yourself and your devices. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals.

****Same trick, new delivery****

For more than a decade, phishing was often understood as an email threat. Cybercriminals would send emails disguised as legitimate communications from major businesses, such as Netflix, Uber, Instagram, Google, and more. These emails would frequently warn recipients about a problem with their accounts—a password needed to be updated, or a policy change required a login.

But when victims followed the links within these malicious emails, they’d be brought to a website that, while appearing genuine, would actually be in complete control of cybercriminals. Fooled by similar color schemes, company logos, and familiar layouts, victims would “log in” to their account by entering their username and password. In reality, those usernames and passwords would just be delivered to cybercriminals on the other side of the website.

There never was a problem with a user’s account, and there never was a real request for information from the company. Instead, the entire back-and-forth was a charade.

Over time, phishing emails have advanced—cybercriminals have stolen credit card details by posing as charities—but so, too, have phishing protections from major email providers, sending many cybercriminal efforts into people’s “spam” inboxes, where the emails are, thankfully, never retrieved.

But last year, cybercriminals focused on a new avenue for phishing. They started developing entire mobile apps on Android that could provide the same level of theft.

The lure that convinces people to download these apps varies.

Some Android phishing apps are disguised as regular videogames or utilities which may ask users to connect with a separate social media account for the primary app to function. The requests are bogus and simply a method for harvesting passwords. Other Android phishing apps pose as popular apps, including TikTok, WhatsApp, and Spotify. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace.

Here, cybercriminals have again found loopholes.

Malwarebytes discovered Android phishing apps last year that do not contain any code—or programmatic “instructions”—to steal passwords. Instead, the apps merely serve ads that, if clicked, send victims to external websites that do all the cybercriminal work outside of the app. These “benign” apps have a better chance of being hosted on legitimate mobile app stores, which gives them greater visibility amongst everyday people, and thus, more chances to steal information.

Most concerning, though, is the recent development from Android phishing apps that pierces one of the strongest security practices in use today: multifactor authentication.

Multifactor authentication is a security measure offered by most major online platforms including banks, retirement systems, social media companies, email providers, and more. With multifactor authentication, a username and password are no longer enough to sign into an account. Instead, the platform will send a separate “code,” typically a six-digit number, that the user must also enter to complete the login process. This code is often sent as a text message directly to the user, who has registered their phone number with the platform.

But now, multifactor authentication codes can also be stolen by Android phishing apps.

Last year, Malwarebytes found 5,200 apps that could steal these codes either by cracking directly into certain text messages or by stealing information from a device’s “Notifications” bar, which can deliver timely summaries or prompts for many apps.

This does not make multifactor authentication useless. Instead, it emphasized a more holistic approach to cybersecurity that, at the very least, includes multifactor authentication.

****Staying safe from Android phishing apps****

Android phishing apps are simple, effective, and hard to spot to the naked eye. But there are behaviors and tools that can help keep you and your accounts safe.

To protect yourself from Android phishing apps:

*   Use mobile security software that detects and stops Android phishing apps from ever being installed on your Android device.
*   Before downloading any apps, you should look at the number of reviews. A low number of reviews may signal a decoy app.
*   Most people will only ever need to download Android apps directly from the Google Play Store. Be wary of other app stores or marketplaces, and never download a mobile app directly from a website.
*   Use a password manager to create and manage unique passwords for every single account. That way, if one password is stolen, it cannot be abused to open other online accounts.
*   Use multifactor authentication on your most sensitive accounts, including your financial, email, social media, healthcare, and government platforms (such as any accounts you use to file taxes).

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Phishing evolves beyond email to become latest Android app threat 

The UK has demanded Apple provides it with a worldwide backdoor into iCloud backups. Privacy organizations are furious.

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections.

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. However, Apple itself doesn’t have access to it at the moment, only the holder of the Apple account can access data stored in this way.

Neither the Home Office nor Apple responded on the record to queries about the demand served by the Home Office under the Investigatory Powers Act (IPA) , but the BBC confirmed that it had heard the same information from reliable sources.

Privacy International said the demand is a “misguided attempt” that uses disproportionate government powers to access encrypted data, which may:

> “Set a damaging precedent and encourage abusive regimes around the world to take similar actions.”

The Electronic Frontier Foundation (EFF) stated:

> “Encryption is one of the best ways we have to reclaim our privacy and security in a digital world filled with cyberattacks and security breaches, and there’s no way to weaken it in order to only provide access to the good guys.”

The main goal for the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. This feature is called Advanced Data Protection. Enabling Advanced Data Protection (ADP), protects the majority of your iCloud data — including iCloud Backup, Photos, Notes, and more — using end-to-end encryption.

For some time, these backups presented law enforcement agencies with a loophole to obtain access to data otherwise not available to them on iPhones with device encryption enabled. If the user hasn’t enabled ADP, this loophole still exists.

The EFF recommends users should turn off the option to create iCloud backups should the UK get its way. As the EFF has said before, and we agree, there is no backdoor that only works for the “good guys” and only targets “bad guys.” It’s all or nothing, and the bad guys will have enough money to find alternatives, while regular users may run out of free options if governments keep doing this.

**What can I do?**

How you wish to proceed after this news is obviously up to you, but we have some options you may be interested in. If you think Apple will stand up against the UK’s Home Office you can enable iCloud backup and Advanced Data Protection.

But if you want to find another place for your backups, these instructions may come in handy.

****How to turn off iCloud backups********On iPhone or iPad****

*   Tap **Settings** > {username} > **iCloud On your iPhone or iPad**.
*   This will list the devices with iCloud Backup turned on.
*   To delete a backup, tap the name of a device, then tap **Turn Off and Delete from iCloud** (or **Delete & Turn Off Backup**).

iCloud backup disabled

****On Mac****

*   Click **Manage** > **Backups**.
*   A list of devices that have iCloud Backup turned on is shown.
*   To delete a backup, select a device, then click **Delete** or the **Remove** button.

Note: If you turn off iCloud Backup for a device, any backups stored in iCloud are kept for 180 days before being deleted.

**How to turn on Advanced Data Protection**

If you haven’t enabled ADP and you want it, first update the iPhone, iPad, or Mac that you’re using to the latest software version.

Turning on ADP on one device enables it for your entire account and all your compatible devices.

****On iPhone or iPad****

1.  Open the **Settings** app.
2.  Tap your name, then tap **iCloud**.
3.  Scroll down, tap **Advanced Data Protection**, then tap **Turn on Advanced Data Protection**.
4.  Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

****On Mac****

1.  Choose **Apple menu** > **System Settings**.
2.  Click your name, then click **iCloud**.
3.  Click **Advanced Data Protection**, then click **Turn On**.
4.  Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

Note: If you’re not able to turn on Advanced Data Protection for a certain period of time, the onscreen instructions may provide more details.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple ordered to grant access to users&#8217; encrypted data 

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.

New mobile apps from the Chinese artificial intelligence (AI) company **DeepSeek** have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks.

Public interest in the DeepSeek AI chat apps swelled following widespread media reports that the upstart Chinese AI firm had managed to match the abilities of cutting-edge chatbots while using a fraction of the specialized computer chips that leading AI companies rely on. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

DeepSeek’s rapid rise caught the attention of the mobile security firm **NowSecure**, a Chicago-based company that helps clients screen mobile apps for security and privacy threats. In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

NowSecure founder **Andrew Hoog** said they haven’t yet concluded an in-depth analysis of the DeepSeek app for **Android** devices, but that there is little reason to believe its basic design would be functionally much different.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

“They are doing some very interesting things that are on the edge of advanced device fingerprinting,” Hoog said, noting that one property of the app tracks the device’s name — which for many iOS devices defaults to the customer’s name followed by the type of iOS device.

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies, could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. The report notes that DeepSeek communicates with **Volcengine**, a cloud platform developed by **ByteDance** (the makers of **TikTok**), although NowSecure said it wasn’t clear if the data is just leveraging ByteDance’s digital transformation cloud service or if the declared information share extends further between the two companies.

Image: NowSecure.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data. This means the data being handled by the app could be intercepted, read, and even modified by anyone who has access to any of the networks that carry the app’s traffic.

“The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels,” the report observed. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Hoog said the app does selectively encrypt portions of the responses coming from DeepSeek servers. But they also found it uses an insecure and now deprecated encryption algorithm called 3DES (aka Triple DES), and that the developers had hard-coded the encryption key. That means the cryptographic key needed to decipher those data fields can be extracted from the app itself.

There were other, less alarming security and privacy issues highlighted in the report, but Hoog said he’s confident there are additional, unseen security concerns lurking within the app’s code.

“When we see people exhibit really simplistic coding errors, as you dig deeper there are usually a lot more issues,” Hoog said. “There is virtually no priority around security or privacy. Whether cultural, or mandated by China, or a witting choice, taken together they point to significant lapse in security and privacy controls, and that puts companies at risk.”

Apparently, plenty of others share this view. _Axios_ reported on January 30 that U.S. congressional offices are being warned not to use the app.

“\[T\]hreat actors are already exploiting DeepSeek to deliver malicious software and infect devices,” read the notice from the chief administrative officer for the House of Representatives. “To mitigate these risks, the House has taken security measures to restrict DeepSeek’s functionality on all House-issued devices.”

_TechCrunch_ reports that Italy and Taiwan have already moved to ban DeepSeek over security concerns. _Bloomberg_ writes that **The Pentagon** has blocked access to DeepSeek. _CNBC_ says **NASA** also banned employees from using the service, as did the **U.S. Navy**.

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at **Wiz** said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” Wiz wrote. \[Full disclosure: Wiz is currently an advertiser on this website.\]

KrebsOnSecurity sought comment on the report from DeepSeek and from Apple. This story will be updated with any substantive replies.

Experts Flag Security, Privacy Risks in DeepSeek AI App

News about USPS suspending shipments from China and Hong Kong may give scammers some ideas to defraud consumers

I would be the last one to provide scammers with good ideas, but as a security provider, sometimes we need to think like criminals to stay ahead in the race.

Recently, the US Postal Service (USPS) announced that it would suspend inbound packages from China and Hong Kong until further notice. That further notice, it turned out, was very short indeed, with the USPS announcing on February 5 that the interruption in service would itself be disrupted—packages were once again approved to enter the country. But the whiplash announcements, the second of which was dropped with little fanfare, have caused confusion.

So, there is an opportunity for scammers to exploit that confusion and uncertainty. Let me spell out how:

*   Scammers could send messages about refunds based on packages that could not be sent.
*   A revival of the old “Your package could not be delivered” scam could spring up.
*   Phishers could send messages about goods that were rerouted through other countries.
*   Goods—including counterfeit—could be offered for sale at “pre-tariff” rates.
*   Malicious messages could claim to arrive from the shipper, the e-commerce platform, or Customs, asking for additional information to get a package released.
*   Cybercriminals may set up fake USPS sites—as they have done in the past—to intercept searches for Track & Trace information.

Scammers are always looking to make money over other people’s backs. They will usually enter some kind of urgency into their messaging, like a time before which you have to respond. This is a good indicator because they don’t want you to think things through before you act.

**How can you stay safe?**

It’s best not to respond to any of these attempts, to avoid letting scammers know that someone is reading their attempts. It will likely cause an increase in spam and other attempts.

Depending on how the scam reaches you and what it is after, there are several ways to stay safe.

*   Use a solution that offers text protection and text message filtering.
*   Do not click on unsolicited links or open unsolicited attachments.
*   Do not trust that sponsored ads lead to the legitimate company, we are seeing too many fakes.
*   Do not trust links that use URL-shorteners, or at least unshorten the link before following it. The same is true for QR codes which are basically URLs in a different shape.
*   Doublecheck the source of messages through a trusted way of communication with the shipper, e-commerce platform, or customs.

And please report fraud attempts with the Internet Crime Complaint Center (IC3), so others can be warned about common scams.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong 

**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

133.0.3065.51

2/6/2025

133.0.6943.53/54

Tag

#android